Public bug reported:
Binary package hint: logcheck
Problem
=======
Stock logcheck 1.2.61 under Mythbuntu (Gutsy) fails with a misleading error
message when /var/log/auth.log.1.gz does not exist.
Failure email (misleading):
----- cut here -----
Subject: Logcheck: <hostname> 2007-10-05 15:02 exiting due to errors
Body:
Warning: If you are seeing this message, your log files may not have been
checked!
Details
=======
Could not run logtail or save output
Check temporary directory: /tmp/logcheck.es2361
Also verify that the logcheck user can read all files referenced in
/etc/logcheck/logcheck.logfiles!
declare -x HOME="/var/lib/logcheck"
declare -x LANG="en_US.UTF-8"
declare -x LOGNAME="logcheck"
declare -x MAILTO="root"
declare -x OLDPWD
declare -x PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin"
declare -x PWD="/var/lib/logcheck"
declare -x SHELL="/bin/sh"
declare -x SHLVL="1"
----- cut here -----
Note the temp dir has already been removed, so telling the user to check
it is useless and confusing.
Reason
======
The Perl /usr/sbin/logtail2 script's sub determine_rotated_logfile uses
'/usr/share/logtail/detectrotate/*.dtr' to figure out where previously rotated
files might be. That code seems to come up with '/var/log/auth.log.1.gz' as a
file to check. But if that file does not exist, logtail2 dies with "Cannot get
/var/log/auth.log.1.gz mtime: No such file or directory" and that kills
logcheck, producing the error above.
The actual logtail2 error is buried in $TMPDIR/logoutput/$(basename
"$file"), which is a) not shown or mentioned in the error message email
and b) automatically deleted unless you're manually running logcheck -t.
Possible Solution
=================
Instead of:
if ($rotated_filename && inode($rotated_filename) == $inode) {
use something like this (NOT TESTED):
if ($rotated_filename && -e $rotated_filename \
&& inode($rotated_filename) == $inode) {
Steps to Reproduce
==================
Backup your existing /var/log/auth* files!
$ date
Fri Oct 5 18:31:30 EDT 2007
$ cat /etc/*release*
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=7.10
DISTRIB_CODENAME=gutsy
DISTRIB_DESCRIPTION="Ubuntu gutsy (development branch)"
$ whoami
logcheck
$ logcheck -v
logcheck 1.2.61
$ ls -l /var/log/auth*
-rw-r----- 1 syslog adm 120382 2007-10-05 18:17 /var/log/auth.log
-rw-r----- 1 syslog adm 51802 2007-09-30 06:47 /var/log/auth.log.0
$ /usr/sbin/logtail2 -t -f /var/log/auth.log -o /tmp/offset.var.log.auth.log >
/dev/null
Cannot get /var/log/auth.log.1.gz mtime: No such file or directory
$ sudo touch /var/log/auth.log.1.gz
[sudo] password for logcheck:
$ ls -l /var/log/auth*
-rw-r----- 1 syslog adm 120850 2007-10-05 18:25 /var/log/auth.log
-rw-r----- 1 syslog adm 51802 2007-09-30 06:47 /var/log/auth.log.0
-rw-r--r-- 1 root root 0 2007-10-05 18:26 /var/log/auth.log.1.gz
$ /usr/sbin/logtail2 -t -f /var/log/auth.log -o
/tmp/offset.var.log.auth.log > /dev/null
$ sudo rm /var/log/auth.log.1.gz
$ ls -l /var/log/auth*
-rw-r----- 1 syslog adm 120850 2007-10-05 18:25 /var/log/auth.log
-rw-r----- 1 syslog adm 51802 2007-09-30 06:47 /var/log/auth.log.0
$ /usr/sbin/logtail2 -t -f /var/log/auth.log -o /tmp/offset.var.log.auth.log >
/dev/null
Cannot get /var/log/auth.log.1.gz mtime: No such file or directory
** Affects: logcheck (Ubuntu)
Importance: Undecided
Status: New
--
logcheck fails when auth.log.1.gz missing
https://bugs.launchpad.net/bugs/149641
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
